author | sam <sam@FreeBSD.org> | 2007-07-11 15:48:36 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2007-07-11 15:48:36 +0000 |
commit | 35aef052ff21baa52c4cec68b512986c21f70a48 (patch) | |
tree | c3da7f33886a852f7dceb74373fbdeec49a48f77 /contrib/wpa_supplicant/README | |
parent | 840099f34d8de1ca769f02fae379c4d8e5d6688a (diff) | |
Import of WPA supplicant 0.5.8
Diffstat (limited to 'contrib/wpa_supplicant/README')
-rw-r--r-- | contrib/wpa_supplicant/README | 102 |
1 files changed, 76 insertions, 26 deletions
diff --git a/contrib/wpa_supplicant/README b/contrib/wpa_supplicant/README index 831756b..be07574 100644 --- a/contrib/wpa_supplicant/README +++ b/contrib/wpa_supplicant/README @@ -1,8 +1,7 @@ WPA Supplicant ============== -Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi> and -contributors +Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors All Rights Reserved. This program is dual-licensed under both the GPL version 2 and BSD @@ -26,13 +25,13 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA (this copy of the license is in COPYING file) -Alternatively, this software may be distributed under the terms of BSD -license: +Alternatively, this software may be distributed, used, and modified +under the terms of BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -90,6 +89,8 @@ Supported WPA/IEEE 802.11i features: * EAP-AKA * EAP-PSK * EAP-PAX + * EAP-SAKE + * EAP-GPSK * LEAP (note: requires special support from the driver for IEEE 802.11 authentication) (following methods are supported, but since they do not generate keying @@ -103,6 +104,20 @@ Supported WPA/IEEE 802.11i features: * pre-authentication * PMKSA caching +Supported TLS/crypto libraries: +- OpenSSL (default) +- GnuTLS + +Internal TLS/crypto implementation (optional): +- can be used in place of an external TLS/crypto library +- TLSv1 +- X.509 certificate processing +- PKCS #1 +- ASN.1 +- RSA +- bignum +- minimal size (ca. 50 kB binary, parts of which are already needed for WPA; + TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86) Requirements 
@@ -114,6 +129,14 @@ Current hardware/software requirements: - NetBSD-current - Microsoft Windows with WinPcap (at least WinXP, may work with other versions) - drivers: + Linux drivers that support WPA/WPA2 configuration with the generic + Linux wireless extensions (WE-18 or newer). Even though there are + number of driver specific interface included in wpa_supplicant, please + note that Linux drivers are moving to use generic wireless extensions + and driver_wext (-Dwext on wpa_supplicant command line) should be the + default option to start with before falling back to driver specific + interface. + Host AP driver for Prism2/2.5/3 (development snapshot/v0.2.x) (http://hostap.epitest.fi/) Driver need to be set in Managed mode ('iwconfig wlan0 mode managed'). 
@@ -191,18 +214,27 @@ Optional libraries for layer2 packet processing: These libraries are _not_ used in the default Linux build. Instead, internal Linux specific implementation is used. libpcap/libdnet are -more portable and they can be used by adding CONFIG_DNET_PCAP=y into +more portable and they can be used by adding CONFIG_L2_PACKET=pcap into .config. They may also be selected automatically for other operating -systems. +systems. In case of Windows builds, WinPcap is used by default +(CONFIG_L2_PACKET=winpcap). Optional libraries for EAP-TLS, EAP-PEAP, and EAP-TTLS: -- openssl (tested with 0.9.7c and 0.9.7d, assumed to work with most - relatively recent versions; this is likely to be available with most - distributions, http://www.openssl.org/) - -This library is only needed when EAP-TLS, EAP-PEAP, or EAP-TTLS -support is enabled. WPA-PSK mode does not require this or EAPOL/EAP +- OpenSSL (tested with 0.9.7c and 0.9.7d, and 0.9.8 versions; assumed to + work with most relatively recent versions; this is likely to be + available with most distributions, http://www.openssl.org/) +- GnuTLS +- internal TLSv1 implementation + +TLS options for EAP-FAST: +- OpenSSL 0.9.8d _with_ openssl-0.9.8d-tls-extensions.patch applied + (i.e., the default OpenSSL package does not include support for + extensions needed for EAP-FAST) +- internal TLSv1 implementation + +One of these libraries is needed when EAP-TLS, EAP-PEAP, EAP-TTLS, or +EAP-FAST support is enabled. WPA-PSK mode does not require this or EAPOL/EAP implementation. A configuration file, .config, for compilation is needed to enable IEEE 802.1X/EAPOL and EAP methods. Note that EAP-MD5, EAP-GTC, EAP-OTP, and EAP-MSCHAPV2 cannot be used alone with WPA, so 
@@ -321,8 +353,8 @@ select which parts of it will be included. This is done by creating a build time configuration file, .config, in the wpa_supplicant root directory. Configuration options are text lines using following format: CONFIG_<option>=y. Lines starting with # are considered -comments and are ignored. See defconfig file for example configuration -and list of available option. +comments and are ignored. See defconfig file for an example configuration +and a list of available options and additional notes. The build time configuration can be used to select only the needed features and limit the binary size and requirements for external @@ -332,8 +364,9 @@ methods (e.g., EAP-TLS, EAP-PEAP, ..) are included. Following build time configuration options are used to control IEEE 802.1X/EAPOL and EAP state machines and all EAP methods. Including -TLS, PEAP, or TTLS will require linking wpa_supplicant with openssl -library for TLS implementation. +TLS, PEAP, or TTLS will require linking wpa_supplicant with OpenSSL +library for TLS implementation. Alternatively, GnuTLS or the internal +TLSv1 implementation can be used for TLS functionaly. CONFIG_IEEE8021X_EAPOL=y CONFIG_EAP_MD5=y @@ -346,6 +379,8 @@ CONFIG_EAP_OTP=y CONFIG_EAP_SIM=y CONFIG_EAP_AKA=y CONFIG_EAP_PSK=y +CONFIG_EAP_SAKE=y +CONFIG_EAP_GPSK=y CONFIG_EAP_PAX=y CONFIG_EAP_LEAP=y @@ -355,11 +390,6 @@ authentication algorithm (for EAP-SIM/EAP-AKA). This requires pcsc-lite CONFIG_PCSC=y -Following option can be used to replace the native Linux packet socket -interface with libpcap/libdnet. - -CONFIG_DNET_PCAP=y - Following options can be added to .config to select which driver interfaces are included. Hermes driver interface needs to be downloaded from Agere (see above). CONFIG_WIRELESS_EXTENSION will be used @@ -402,6 +432,8 @@ CONFIG_EAP_OTP=y CONFIG_EAP_SIM=y CONFIG_EAP_AKA=y CONFIG_EAP_PSK=y +CONFIG_EAP_SAKE=y +CONFIG_EAP_GPSK=y CONFIG_EAP_PAX=y CONFIG_EAP_LEAP=y CONFIG_PCSC=y 
@@ -449,19 +481,30 @@ Command line options -------------------- usage: - wpa_supplicant [-BddehLqqvw] -i<ifname> -c<config file> [-D<driver>] \ - [-N -i<ifname> -c<conf> [-D<driver>] ...] + wpa_supplicant [-BddehLqqvwW] [-P<pid file>] [-g<global ctrl>] \ + -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \ + [-b<br_ifname> [-N -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \ + [-p<driver_param>] [-b<br_ifname>] ...] options: + -b = optional bridge interface name -B = run daemon in the background + -c = Configuration file + -C = ctrl_interface parameter (only used if -c is not) + -i = interface name -d = increase debugging verbosity (-dd even more) + -D = driver name + -g = global ctrl_interface -K = include keys (passwords, etc.) in debug output -t = include timestamp in debug messages -h = show this help text -L = show license (GPL and BSD) + -p = driver parameters + -P = PID file -q = decrease debugging verbosity (-qq even less) -v = show version -w = wait for interface to be added, if needed + -W = wait for a control interface monitor before starting -N = start describing new interface drivers: @@ -473,7 +516,7 @@ drivers: wext = Linux wireless extensions (generic) ndiswrapper = Linux ndiswrapper broadcom = Broadcom wl.o driver - ipw = Intel ipw2100/2200 driver + ipw = Intel ipw2100/2200 driver (old; use wext with Linux 2.6.13 or newer) wired = wpa_supplicant wired Ethernet driver bsd = BSD 802.11 support (Atheros, etc.) ndis = Windows NDIS driver @@ -503,6 +546,13 @@ wpa_supplicant \ -c wpa2.conf -i ath0 -D madwifi +If the interface is added in a Linux bridge (e.g., br0), the bridge +interface needs to be configured to wpa_supplicant in addition to the +main interface: + +wpa_supplicant -cw.conf -Dmadwifi -iath0 -bbr0 + + Configuration file ------------------ 
@@ -518,7 +568,7 @@ reloading can be triggered with 'wpa_cli reconfigure' command. Configuration file can include one or more network blocks, e.g., one for each used SSID. wpa_supplicant will automatically select the best betwork based on the order of network blocks in the configuration -file, network security level (WPA/WPA2 is prefered), and signal +file, network security level (WPA/WPA2 is preferred), and signal strength. Example configuration files for some common configurations: |
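Review bot: in the driver requirements text added by the @@ -114,6 +129,14 @@ hunk, "Even though there are number of driver specific interface included" is missing an article and a plural. Suggest "Even though there are a number of driver specific interfaces included in wpa_supplicant", so the recommendation to start with driver_wext (-Dwext) reads cleanly.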
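Review bot: in the @@ -191,18 +214,27 @@ hunk, the library list gives tested versions and a URL for OpenSSL but neither for GnuTLS, so a builder cannot tell which GnuTLS releases were exercised. The EAP-FAST entry names openssl-0.9.8d-tls-extensions.patch without saying where that patch is found; add a pointer next to it. The phrase "tested with 0.9.7c and 0.9.7d, and 0.9.8 versions" would also read better as "tested with 0.9.7c, 0.9.7d, and 0.9.8 versions".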
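Review bot: the sentence added in the @@ -332,8 +364,9 @@ hunk ends in "TLS functionaly", which should be "TLS functionality". The sentence before it still names only "TLS, PEAP, or TTLS" as requiring a TLS implementation, while the @@ -191,18 +214,27 @@ hunk extends the same requirement to EAP-FAST; list EAP-FAST here too so the two sections agree.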
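Review bot: the @@ -355,11 +390,6 @@ hunk removes the CONFIG_DNET_PCAP paragraph from the build options section without documenting its replacement. The @@ -191,18 +214,27 @@ hunk now tells readers to set CONFIG_L2_PACKET=pcap, or CONFIG_L2_PACKET=winpcap on Windows, so this section should describe CONFIG_L2_PACKET and its accepted values where the removed text stood.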
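Review bot: in the usage synopsis of the @@ -449,19 +481,30 @@ hunk, the first "[-b<br_ifname>" is never closed, so the brackets are unbalanced and the "-N" group reads as nested inside the bridge option; it should be "[-b<br_ifname>]". The flag group "[-BddehLqqvwW]" also omits -K and -t, both of which the options list documents, and -C is described as "only used if -c is not" while the synopsis still shows "-c<config file>" as mandatory. Since -K puts keys and passwords into debug output, it is worth making sure it appears in the synopsis rather than only in the option list.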
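Review bot: the @@ -518,7 +568,7 @@ hunk corrects "prefered" to "preferred" but leaves the typo "betwork" in the context line directly above it ("select the best betwork based on the order of network blocks"). Fix it to "network" in the same change.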